<?php
/**
 * Author: DefinitlyEvil
 * Created at: 2020/5/15 16:18
 */

namespace App\ServerAPI;


use App\Controller;
use App\Tools\Pattern;

class StorageController extends Controller
{

    public static function register(\FastRoute\RouteCollector $r) {
        $r->post('/weapons', [self::class, 'weapons']);
        $r->post('/equipped', [self::class, 'equipped']);
    }

    public function equipped($params = []) {
        if (!isset($params['u']) or !is_string($params['u']) or !Pattern::matches(Pattern::USERNAME, $params['u'])) return ['invalid username'];
        if (!isset($params['f']) or !is_array($params['f'])) throw new \Exception('no filter defined');
        $filter = [];
        foreach ($params['f'] as $k => $v) {
            // CHECK FOR PATTERN, PREVENT SQL INJECTION!
            if (!is_string($v) or !Pattern::matches(Pattern::ALPHANUMERIC, $v)) throw new \Exception('invalid category filter');
            $filter[] = sprintf("'%s'", $v); // double check
        }
        if (count($filter) <= 0) throw new \Exception('filter is empty');
        $filter = implode(',', $filter);

        $u = &$params['u'];
        $sql = <<< EOL
SELECT DISTINCT `item_categories`.`id` AS `cat_id`,`item_categories`.`tag` AS `cat_tag`,`item_types`.`tag` AS `item_tag`,`item_storage`.`expire_time`
FROM `item_storage`
LEFT JOIN `accounts` ON `accounts`.`id`=`item_storage`.`account_id`
LEFT JOIN `item_types` ON `item_storage`.`item_type_id`=`item_types`.`id`
LEFT JOIN `item_categories` ON `item_types`.`category_id`=`item_categories`.`id`
WHERE `accounts`.`username`=:u AND `item_storage`.`equipped`=1 AND `item_categories`.`tag` IN (%s) 
      AND (`item_storage`.`expire_time` IS NULL OR UNIX_TIMESTAMP()<`item_storage`.`expire_time`)
EOL;
        $sql = sprintf($sql, $filter);
        $stm = $this->getPdo()->prepare($sql);
        $stm->bindParam(':u', $u);
        if ($stm->execute() === false) return ['query error / 1', false];
        $results = $stm->fetchAll();
        if ($results === false) return ['query error / 2', false];
        return [['equipped' => $results], true];
    }

    public function weapons($params = []) {
        if(!isset($params['u']) or !is_string($params['u']) or !Pattern::matches(Pattern::USERNAME, $params['u'])) return ['invalid username'];
        $u = &$params['u'];
        /**
         * cat_id cat_tag item_tag
         * 1 WEAPON1 ak47
         * 2 WEAPON2 glock
         */
        $stm = $this->getPdo()->prepare( <<< EOL
SELECT DISTINCT `item_categories`.`id` AS `cat_id`,`item_categories`.`tag` AS `cat_tag`,`item_types`.`tag` AS `item_tag`,`item_storage`.`expire_time`
FROM `item_storage`
LEFT JOIN `accounts` ON `accounts`.`id`=`item_storage`.`account_id`
LEFT JOIN `item_types` ON `item_storage`.`item_type_id`=`item_types`.`id`
LEFT JOIN `item_categories` ON `item_types`.`category_id`=`item_categories`.`id`
WHERE `accounts`.`username`=:u AND `item_storage`.`equipped`=1 AND `item_categories`.`tag` IN ('WEAPON1', 'WEAPON2', 'WEAPON3', 'WEAPON4') 
      AND (`item_storage`.`expire_time` IS NULL OR UNIX_TIMESTAMP()<`item_storage`.`expire_time`)
EOL
);
        $stm->bindParam(':u', $u);
        if($stm->execute() === false) return ['query error / 1', false];
        $results = $stm->fetchAll();
        if($results === false) return ['query error / 2', false];
        return [['weapons' => $results], true];
    }

}